Vulnerability Description
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sgi | Irix | All versions |
| Bsd | Bsd | All versions |
| Freebsd | Freebsd | 6.2 |
| Netbsd | Netbsd | 2.0.4 |
| Openbsd | Openbsd | 2.1 |
Related Weaknesses (CWE)
References
- http://www.openbsd.com/advisories/signals.txt
- http://www.openbsd.com/advisories/signals.txt
- http://www.osvdb.org/11062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/556
- http://www.openbsd.com/advisories/signals.txt
- http://www.openbsd.com/advisories/signals.txt
- http://www.osvdb.org/11062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/556
FAQ
What is CVE-1999-1214?
CVE-1999-1214 is a vulnerability with a CVSS score of 2.1 (LOW). The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain i...
How severe is CVE-1999-1214?
CVE-1999-1214 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1214?
Check the references section above for vendor advisories and patch information. Affected products include: Sgi Irix, Bsd Bsd, Freebsd Freebsd, Netbsd Netbsd, Openbsd Openbsd.